CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-51447

Description: A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This could allow an unauthenticated remote attacker to distinguish between valid and invalid usernames.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2024-51446

Description: A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The file upload feature of the affected application improperly sanitizes XML files. This could allow an authenticated remote attacker to conduct a stored cross-site scripting attack by uploading specially crafted XML files that are later downloaded and viewed by other users of the application.

CVSS: MEDIUM (6.5)

EPSS Score: 0.09%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2024-51445

Description: A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The affected application contains an XML External Entity Injection (XXE) vulnerability in the docx import feature. This could allow an authenticated remote attacker to read arbitrary data from the application server.

CVSS: MEDIUM (6.5)

EPSS Score: 0.06%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2024-51444

Description: A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an SQL injection attack that bypasses authorization controls and allows downloading any data from the application's database.

CVSS: MEDIUM (6.5)

EPSS Score: 0.06%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-3916

Description: CWE-121: A Stack-based Buffer Overflow vulnerability exists that could allow local attackers to exploit these issues and potentially execute arbitrary code when the end user opens a malicious project file (SSD file) provided by the attacker.

CVSS: MEDIUM (4.6)

EPSS Score: 0.02%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-27696

Description: Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue.

CVSS: MEDIUM (5.3)

EPSS Score: 0.01%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-4339

Description: The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary theme options.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-3107

Description: The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.9.8 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-31257

Description: This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

CVSS: MEDIUM (4.7)

EPSS Score: 0.04%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-31256

Description: The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.5. Hot corner may unexpectedly reveal a user’s deleted notes.

CVSS: MEDIUM (5.5)

EPSS Score: 0.01%

Source: CVE
May 12th, 2025 (about 1 month ago)